Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17433
HistoryJul 10, 2007 - 12:00 a.m.

Another You tube clone script vulnerability

2007-07-1000:00:00
vulners.com
13
JSON

ChX Security |
Advisory #2 |

-> "Generic YouTube Clone Script - XSRF: Arbitrary Code Injection" <-

Data |

Author: Pepepistola <Pepepistola_at_chxsecurity_dot_org>
Program: Generic YouTube Clone Script
Severity: Moderately Critical
Type of Advisory: Mid Disclosure
Affected/Tested Versions: – (* See below)

  •   There multiple clone scripts make by multiple vendors but all share the

same mistakes
and even same code, so we couldnt determinate the right (or original)
vendor.

Program Description |

Dream to build your own highly profitable online video sharing community
just like YouTube or DailyMotion?
Unleash the power of video sharing to boost your websites' traffic &
revenues!

Overview |

The "Email-Template" module has no file type validation and a remote
attacker could lead the admin
to create a especially crafted malicious email template that allows the
remote attacker to compromise
the entire system.

WorkAround |

The Admin has the capabilities to create and a "Email-Template" that would
be stored in the directory:
/templates/emails/
Since the module doesn't have any file type validation the admin can upload
any arbitrary file type,
so a remote attacker can gain access by just leading the (already logged-in)
admin to and a specially
crafted (malicious) website that truth a Cross-site Request Forgery make the
admin automatically create
a email template.
This could lead to a remote attacker to gain access and further more
compromise the entire system.

Proof Of Concept|

ChX Security will not release any proof of concept.

Solution/Fix|

By the moment there is no official solution provided by the vendor(s)…
ChX Security encourages to the website admins to just stay logged-in only
the necessary time and keep
logged-off at all time that you dont have to do any administration related
task.

Dates |

Bug Found: 04/07/2007
Vendor Contact: --/–/–
Vendor Response: --/–/–
Public Disclosure: 06/07/2007

Shouts |

g30rg3_x, musashi, patoruzu, elvispresley, skyline2412 (p1mp4m)

        ChX Security
   http://chxsecurity.org/
         &#40;c&#41; 2007

Copy: http://chxsecurity.org/advisories/adv-2-mid.txt

Pepepistola

JSON